Following the Supreme Court’s decision to overrule Roe v. Wade, U.S. Department of Health and Human Services’ (HHS) Secretary Xavier Becerra has recently urged HHS agencies to take action to protect women’s access to sexual and reproductive health care, which includes abortion, pregnancy complications, and other related care. The decision made by the Supreme Court to overrule Roe v. Wade has removed women’s rights to safe and legal abortions, leaving the decision for the individual states to determine women’s reproductive rights. 13 states have trigger laws embedded in Roe v. Wade that will outlaw abortions once overturned.
The HHS’ Office for Civil Rights (OCR), HIPAA’s primary enforcer, has issued new guidance for hea;thcare providers and patients who seek access to reproductive health services. In the guidance, the OCR details how individual’s private healthcare information is required to stay confidential, including information regarding abortion and other sexual reproductive healthcare information, under the Health Insurance Portability and Accoutability Act.
Concerns have been raised by women who use health information applications as they fear a disclosure of their data may lead to prosecution from the state. The new guidance details that the privacy laws protecting healthcare information extends to cell phones and tablets and includes how women can ensure their privacy when utilizing period tracker and other healthcare information applications.
The HHS’ Secretary is requesting individuals who believe their privacy rights have been violated to report the incident to the OCR. “How you access health care should not make you a target for discrimination,” explained HHS Secretary Xavier Becerra. “HHS stands with patients and providers in protecting HIPAA privacy rights and reproductive health care information”. The protection of access to healthcare, including access to all forms of reproductive care, is now a priority for the OCR
For healthcare providers, the guidance details how the HIPAA Privacy Rule enables HIPAA-regulated entities to share an individual’s personal information without acquiring authorization from the subject individual only for purposes of healthcare, payment, and healthcare operations. Other disclosures, including to law enforcement, are only allowed in specific circumstances in order to protect women’s privacy.